Firefox Users Urged To Download Latest Security Update — Now

A major vulnerability plaguing Firefox has Mozilla warning users to update the Web browser as soon as possible. The company is urging all Firefox users to update to Firefox 39.0.3 to fix the vulnerability and protect themselves from an exploit that has been found in the wild.

The browser is set to automatically update by default, but users should manually check to ensure that the update has indeed gone through.

Mozilla said it first learned about the bug Wednesday morning when a Firefox user informed the company that an advertisement on a news Web site in Russia was offering an exploit for the browser that searched for specific, sensitive files, before uploading them to a server that appeared to be located in the Ukraine.

Same Origin Policy Exploit

The vulnerability allows hackers to violate the browser's same origin policy and inject script into a non-privileged part of Firefox's built-in PDF viewer. The same origin policy is a security practice in which a Web browser allows scripts running from one Web page to access data from a second one only if both pages are from the same origin. The bug allows an attacker to read and steal sensitive local files on the victim's computer.

"The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the 'same origin policy') and Firefox's PDF Viewer," the company said in the blog post announcing the security fix. Although the exploit does not allow an attacker to execute arbitrary code on the target machine, it does allow a hacker to deliver a JavaScript payload, which is then able to search for and upload potentially sensitive files from the machine.

Mozilla said that since the vulnerability is specific to its PDF Viewer, versions of the browser that do not contain the PDF Viewer, such as Firefox for Android, are...
